Smishing and vishing attacks can dupe even the most vigilant users with persuasive, convincing text and voice messages. By using impersonation and authoritative language, it can be hard to distinguish fraudulent activity from legitimate inquiries.
6 Ways to Prevent Smishing and Vishing Attacks:
Read the tips below or scroll down to view the full infographic.
1. Carefully read and listen to all messages
Before responding to any suspicious text or voice message, pay attention to the language being used and think about what is being said. Be wary of senders or callers that use intimidation, threats, and an aggressive or urgent tone. Hang up and use official contact information to call back.
2. Beware of messages from unknown numbers
If a smishing or vishing messages originates from an unfamiliar or blocked number, be on your guard. In the case of vishing attempts, let the call go to voicemail and listen to the resulting message carefully before taking any action. Do not trust a call back number provided in the message.
3. Look out for the use of manipulative language
Cyber criminals who launch smishing and vishing campaigns often design messages to prey on basic human emotions like fear, greed, and trust. It’s important to use good judgement and scan each message thoroughly for suspicious elements.
4. Ask the sender questions about their request
If a sender is trying to obtain your information in exchange for a prize or commodity, ask them for verifiable proof of their identity and professional role. If the caller refuses to provide this or any other relevant information, stop replying to them.
5. Don't click on unexpected links or attachments
As with other types of cyber threats, don’t click on any unexpected links or open any attachments that come with a suspicious message. Remember, an organization will never ask you to transfer funds or divulge confidential information over the phone or an SMS conversation.
6. Never respond to requests with confidential information
Even if a smishing or vishing message appears to come from a bank, hospital, police department, or government office, never give up your personal information without verifying the sender’s legitimacy first. Also, avoid giving out your phone number to unfamiliar email sources.
Teach employees to detect and report cyber threats with engaging, effective cyber security awareness training.
Today's Phishing Benchmarks and Trends
The annual Gone Phishing Tournament is a free annual phishing simulation training event that helps organizations and security leaders better understand high-risk areas, compare phishing performance, and establish data-driven goals with accurate benchmarking data.